DTrace Introduction
DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.
DTrace is a dynamic tracing technology that can be used to locate system performance issues, obtain information about system function calls, or monitor system runtime information. And worth noting is that DTrace is non-intrusive to existing code. Also, there is no need to modify the existing code or use instrumentation technology to obtain more system information.
If you have ever used Instrument, you may know more about DTrace, because most of the functions in Instrument (probably) are based on DTrace.
Go Straight To Topic
Let’s see what it can do first.
demo 1 Objective C View Controller -viewDidLoad
A mysterious page pops up (in fact, just click the red button), so who secretly triggered viewDidLoad? (Of course, set a symbol breakpoint can also do the same job. 😢)
“PIN” the viewDidLoad by using DTrace, and then we can know what happened.
From the above figure, we can know the triggering process of viewDidLoad in detail.
demo 2 Xcode IO
Who is using my disk secretly?
Through the following script, “PIN” the Xcode / XCBBuildService IO operation, then we can know the Xcode IO detail, file paths & cost time.
We can roughly understand what DTrace can do through the above two examples.
- Get more details behind the “Unknown” operations. ( like kernel learning, reverse analysis, or security audit. )
- Monitor system events and analyze the time-consuming information. ( like performance optimization. )
Probe, Variables, Struct And Operators
Probe indicates the probe we need to “PIN”, Predicate indicates the filtering condition and Action indicates our operations.
Probe Description
For example, the following figure shows the entry of the viewDidLoad method for monitoring all UIViewControllers in the specific process.
A picture is worth a thousand words.
Get All Probes Of Current System
The following command indicates the number of probes present in the system when this command is running.
predicate
One major difference between D and other programming languages such as C, C++, and the Java programming language is the absence of control-flow constructs such as if-statements and loops.
Although it is described in DTrace Guide 1.6. Predicates that DTrace does not support if-else statements. Actually, DTrace supports if-else statements under tests and for loop is still not supported intentionally.
“Native Grammar”
“Syntactic Sugar”
The above two implementations may be equivalent.
Variables
Variables in DTrace do not need to be defined before use.
There are several different variable types in DTrace, and you can see the DTrace Variables.
Script
Similar to the shell, DTrace can also parse the script, and pass it to DTrace for using through -s xxx.d.
Struct
Similar to the C language, DTrace also supports the use of structures.
Built-in Functions And Variables
Aggregations
When we do performance-related statistics, we usually measure the aggregated data in a specific dimension, rather than focusing too much on the data collected by a single probe.
For example, we need to count the number of calls to a function in Foo. It can be aggregated by the count () function.
CheatSheet
Some Other Usages Of DTrace
Track Objective C method implementation
The more general version
Summary
The only limit is your imagination.
DTrace is very powerful, its role depends entirely on your use. Concerning the behavior of the previously opaque system/kernel, there is now an opportunity for further exploration.
There are many places worth learning in the built-in scripts of the system, such as the implementation of iotop (display top disk I / O events by a process) and dapptrace (trace user and library function usage), which can provide a lot of help for performance optimization.
